package com.dc.commons.shiro.realm;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import com.dc.commons.shiro.defaults.DefaultPermissionService;
import com.dc.commons.shiro.persistence.Permission;
import com.dc.commons.shiro.service.PermissionService;
import com.dc.commons.shiro.session.DcSession;
import com.dc.commons.status.DataStatus;
import com.dc.commons.status.UseStatus;
import com.dc.commons.sys.persistence.User;
import com.google.common.collect.Sets;

public class SimpleRealm extends  AuthorizingRealm{

	private PermissionService permissionService=new DefaultPermissionService();
	
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		User user=(User)principals.getPrimaryPrincipal();
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		Permission permission=permissionService.findPermissionsByName(user.getUserCode());
		info.setRoles(Sets.newHashSet(permission.getRoles()));
		info.setStringPermissions(Sets.newHashSet(permission.getMenus()));
		return info;
	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String userName=(String)token.getPrincipal();
		User user=permissionService.findUserByName(userName);
		
		//用户不存在
		if(user==null){
			throw new UnknownAccountException("用户不存在！");
		}
		
		// 用户已经失效
		if(user.getDataStatus()!=DataStatus.VALID){
			throw new DisabledAccountException("用户已经失效！");
		}
		
		//用户已锁定
		if(user.getUseStatus()!=UseStatus.ENABLED){
			throw new LockedAccountException("用户已锁定");
		}
		  SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
				  	user, //用户名
	                user.getUserPassword(), //密码
	                ByteSource.Util.bytes(new byte[]{}),//salt=username+salt
	                getName()  //realm name
	        );
		return authenticationInfo;
	}
	
	/**
	 *  进行权限判断的时候 除了 user 
	 */
	 protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals){
		 DcSession session=(DcSession)sessionDao.readSession(SecurityUtils.getSubject().getSession(false).getId());
		if(!session.isDcValid()){
			String msg=session.getMsg();
			sessionDao.delete(session);
			throw new ExpiredCredentialsException(msg);
		}
		 
		 return super.getAuthorizationInfo(principals);
			 
			 
	 }

	 
	 private SessionDAO sessionDao;

	public void setSessionDao(SessionDAO sessionDao) {
		this.sessionDao = sessionDao;
	}
	 
	 
}
